Sophos Web Appliance: Requirements for the AD user account used in the Active Directory page

  • Article ID: 52548
  • Updated: 09 Aug 2011

Problem: While enabling Active Directory integration in the Administration Web Interface's Configuration > System > Active Directory page, the Verify Settings process fails with either a “Could not test LDAP settings” or “Could not join the domain” error message.

Solution: Do the following:

In Active Directory Users and Computers:

  1. Create an Active Directory (AD) user that is a member of the (default) Domain Users group. For illustration purposes, let’s call this AD user swa-auth.
  2. Select View > Advanced Features.
  3. Right-click the appropriate domain, and then click Properties.
  4. On the Security tab, add the swa-auth account to the list, and then click Apply.
  5. Click the Advanced button.
  6. In the Advanced Security Settings for [domain] window, select the Permissions tab, then click the Name column header to sort the entries alphabetically by AD username.
  7. If swa-auth is not found, add it to the list.
  8. Select swa-auth. Click Edit.
  9. In the Permission Entry for [domain] window, select the Object tab. In the Apply onto drop-down menu, select Computer Objects. In the Permissions area, select the All Validated Writes and the All Extended Rights check boxes.
  10. In the same Permission Entry for [domain] window, select the Properties tab. In the Apply onto drop-down menu, select Computer Objects. In the Permissions area, select the Write Account Restrictions and the Write DNS Host Name Attributes check boxes.
  11. Click Apply and then OK to close all dialog boxes.
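The same delegation as steps 9 and 10, applied from PowerShell instead of the GUI. This is an added example and not part of the Sophos article: it assumes the ActiveDirectory (RSAT) module, a Domain Admin session on the domain controller, and an account named swa-auth; the schema GUIDs are the standard AD values for the Computer class and the two property sets.

```powershell
# Added example (not from the article): grant swa-auth the delegated rights from steps 9 and 10
# on the domain root, scoped to descendant Computer objects ("Apply onto: Computer Objects").
Import-Module ActiveDirectory

$account  = 'swa-auth'                                  # AD user from step 1 (name assumed)
$domainDN = (Get-ADDomain).DistinguishedName
$sid      = (Get-ADUser $account).SID

# Standard AD schema GUIDs (assumed from the schema reference, not stated in the article)
$computerClass    = [Guid]'bf967a86-0de6-11d0-a285-00aa003049e2'  # Computer object class
$accountRestrict  = [Guid]'4c164200-20c0-11d0-a768-00aa006e0529'  # Account Restrictions property set
$dnsHostNameAttrs = [Guid]'72e39547-7b18-11d1-adef-00c04fd8d5cd'  # DNS Host Name Attributes property set
$allObjects       = [Guid]::Empty                                  # "All" validated writes / extended rights

$path = "AD:\$domainDN"
$acl  = Get-Acl -Path $path

# Build one ACE that is inherited by Computer objects only (InheritedObjectType = computer class)
function New-ComputerAce {
    param([System.DirectoryServices.ActiveDirectoryRights]$Rights, [Guid]$ObjectType)
    New-Object System.DirectoryServices.ActiveDirectoryAccessRule(
        $sid, $Rights, [System.Security.AccessControl.AccessControlType]::Allow,
        $ObjectType, [System.DirectoryServices.ActiveDirectorySecurityInheritance]::Descendents,
        $computerClass)
}

# Object tab (step 9): All Validated Writes ("Self") and All Extended Rights
$acl.AddAccessRule((New-ComputerAce -Rights 'Self'          -ObjectType $allObjects))
$acl.AddAccessRule((New-ComputerAce -Rights 'ExtendedRight' -ObjectType $allObjects))
# Properties tab (step 10): Write Account Restrictions and Write DNS Host Name Attributes
$acl.AddAccessRule((New-ComputerAce -Rights 'WriteProperty' -ObjectType $accountRestrict))
$acl.AddAccessRule((New-ComputerAce -Rights 'WriteProperty' -ObjectType $dnsHostNameAttrs))

Set-Acl -Path $path -AclObject $acl

# Read the ACL back and check that only these four entries exist for the account;
# anything broader than this (e.g. GenericAll) is more than the appliance needs.
(Get-Acl -Path $path).Access |
    Where-Object { $_.IdentityReference -like "*\$account" } |
    Format-Table ActiveDirectoryRights, ObjectType, InheritedObjectType, InheritanceType -AutoSize
```

This covers only the ACL delegation; the "Add workstations to domain" user right in the following section is still assigned through the security policy or Group Policy.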

In Domain Controller Security Settings:

  1. Navigate to Security Settings > Local Policies > User Rights Assignment.
  2. Open Add workstations to domain setting.
  3. Add swa-auth to the list.
  4. Click Apply and then OK to close all dialog boxes.

If this setting is defined by Active Directory Group Policy, make the change in Group Policy Management instead.

In the Administration Web Interface for the Web Appliance or the Management Appliance:

  1. Enter the details in the Configuration > System > Active Directory page.
  2. Re-run the Verify Settings process.
  3. Close the Verify Settings dialog box when all is well.
  4. Click Apply to enable AD authentication.

If you need more information or guidance, then please contact technical support.
